Using Public IP Addresses on a Private Network

I just discovered that the University where I work uses public IP addresses on their internal network. The results of ipconfig in Windows and a web site like whatismyip.com produce the same results. Everywhere else I have worked used private IPs internally and then NATed them through one or two public IPs to reach the internet. Does anyone have any idea why the Uni might do that? It seems wasteful to me. I also did an ARIN search and found out that we own a block of Class B addresses that would seem to correspond to all the internal IPs on campus. What gives?

I'd guess they were from the pre-NAT days when everyone had a public IP, and as time has gone on they've closed the front door down to not so public but, like everyone else, want to keep their valuable class B allocation by proving they still "need" it to ARIN.

We know it's bullshit, but it's enough to satisfy some box-ticking clerk at ARIN if they enquire...

What about the cost? Do you think we pay a yearly fee for the addresses? I've checked several IP blocks around ours. They are mostly small colleges and universities. Sure seems a waste with us running out of v4 addresses.

Commercially that's a valuable asset, so $100/yr to keep it is chickenfeed...

This goes on the world over: very few people need a /24 or the like, but lots have them kicking around. It's a bit of an attitude of "we'll release ours when xyz gives theirs up first"...

The other thing you have to bear in mind, is universities & colleges were "the internet". Most colleges, universities and even many leading schools had interlinked campus networks a decade or two before there was any hint of widespread "public" access.

They're the ones that made all the investment and led the internet revolution.

Personally I reckon the next step is with wireless meshworking. Wireless 802.11s devices given IPv6 at manufacture that can communicate globally as long as they are in range of another 802.11s device. But there is still a lot of work to do in bandwidth management and routing (how do you manage finding a route to 3ffe:1900:4545:3:200:f8ff:fe21:67cf, which is in Japan, when your address is 3ffe:1900:4545:3:200:f8ff:fe21:67ce in Moscow?)

The assumption has been that they can just scale up IPv4 to IPv6, but there is no pressure for this when the backbone is happy on IPv4, and public providers are busy locking up their customers in tiny localized networks.

Good point about universities being "the internet." I'll have to find out how long the campus has been online. Also did the ARIN search on MIT. They are a /8. Pretty big network, or at least they have the potential to be.

I would personally bet on the backbone staying IPv4, and encapsulating IPv6 within an IPv4 container for transit purposes and NAT it at the entry and exit points for the major node for that IPv6 major subnet. Ugly fudge, but it will work with little expenditure and no real downside from a commercial point of view, and that's all the backbone providers care about, the $$$. The routing will be a horrible messed up nightmare, as you say, as IPv6 peering information will have to propagate between backbone peers along with IPv4 to work properly.

I think that's why there's no pressure and no backbone providers are panicking: there's a workaround in place already that serves both ISP level wanting IPv6 and the backbone guys not having a shedload of new investment in router hardware and stuff...

And if your brain isn't currently idly wondering about reading up technically on how that's possible, with a view at looking how you could poison the translation somehow, you might just be on the wrong forum.

Of course, customers not really wanting to pay for horribly messed up routing with open season on translation poisoning and various other huge security and transmission holes could be considered a "commercial downside".

Especially when to all intents and purposes VirtualHosts are a much cleaner and more reliable fudge.